package com.fuxin.app.configuration;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.ClientRegistrationException;
import org.springframework.security.oauth2.provider.NoSuchClientException;
import org.springframework.security.oauth2.provider.client.BaseClientDetails;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;

import java.util.Arrays;

/**
 * @Author fuxin
 * @date 2019/3/2 19:42
 * @description
 */
@Configuration
@EnableAuthorizationServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class AuthorizationServerConfigration extends AuthorizationServerConfigurerAdapter {

	@Autowired
	private AuthenticationManager authenticationManager;
	@Autowired
	private RedisConnectionFactory redisConnectionFactory;

	@Override
	public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
		clients.withClientDetails(new ClientDetailsService() {
			@Override
			public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {

				BaseClientDetails client = new BaseClientDetails();
				if(clientId.equals("web")){
					client.setAuthorizedGrantTypes(Arrays.asList("client_credentials","refresh_token"));
				}else if(clientId.equals("app")){
					client.setAuthorizedGrantTypes(Arrays.asList("password", "refresh_token"));
				}else {
					throw new NoSuchClientException("客户端id错误");
				}
				client.setClientId(clientId);
				client.setClientSecret("123456");
				client.setScope(Arrays.asList("select"));
				client.setAccessTokenValiditySeconds(24 * 60 * 60);
				client.setRefreshTokenValiditySeconds(48 * 60 * 60);
				client.setAuthorities(AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_CLIENT"));
				return client;
			}
		});
	}

	@Override
	public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
		endpoints
				.tokenStore(tokenStore())
				.authenticationManager(authenticationManager);

	}

	@Bean
	public TokenStore tokenStore(){
		return new RedisTokenStore(redisConnectionFactory);
	}
}
